Enabling Strong Authentication for Users of Single Sign-On (SSO) Applications in SailPoint IdentityNow
Strong Authentication can be configured as a requirement for all authenticated users of IdentityNow. When this is configured, users can launch an Application (App) only after they supply additional information verifying their identity.
This additional information could be:
● Verification codes sent via email or text message
● Security Questions
● Re-entering Passwords
● RSA SecurID
These are the steps to configure this capability:
● Network Settings
● Trusted Countries
● Strong Authentication
Log in as Administrator and navigate to Admin > Global > System Settings > Network Settings > Network Definitions.
In the field shown in the screenshot above, enter the IP address ranges for your corporate network and press the “Save” button when completed.
Click the “Add” button to add more IP ranges as required.
Log in as Administrator and navigate to Admin > Global > System Settings > Network Settings > Trusted Countries.
In the field shown in the screenshot above, enter the names of the Countries you want to either Blacklist or Whitelist. This field will auto-fill with the appropriate value once you start typing. Press the “Save” button when completed.
Click the “Add” button to add more Countries to the list as required.
Log in as Administrator and navigate to Admin > Applications > [Desired App] > Settings > Strong Authentication.
From this page, you can select your desired options and then click the “Save” button. This in turn requires the following categories of users to supply additional information, depending on your choice:
● All users – Every authenticated user
● Off-Network – Everyone outside of the corporate network
● Untrusted Geographies – Everyone accessing resources from untrusted Countries
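The three settings above combine into one decision per App launch. The following added example (not SailPoint code, and not from the original page) models that decision so an administrator can check IP ranges and country lists before entering them. The ranges, country names, option keys and function names are constructed for illustration, and the fail-closed handling of an unknown country is an assumption.

```python
import ipaddress

# Constructed sample values (documentation IP ranges); replace with your own.
CORPORATE_RANGES = ["203.0.113.0/24", "198.51.100.0/25"]
COUNTRY_LIST = {"Canada", "Nigeria"}
LIST_MODE = "whitelist"  # or "blacklist"


def on_corporate_network(client_ip, ranges=CORPORATE_RANGES):
    """True if client_ip is inside any configured corporate range."""
    ip = ipaddress.ip_address(client_ip)
    # strict=True raises ValueError on a mistyped range such as 203.0.113.5/24
    return any(ip in ipaddress.ip_network(r, strict=True) for r in ranges)


def country_trusted(country, countries=COUNTRY_LIST, mode=LIST_MODE):
    """Whitelist: only listed countries are trusted. Blacklist: listed ones are not."""
    if country is None:
        return False  # assumption: unknown location is treated as untrusted
    listed = country in countries
    return listed if mode == "whitelist" else not listed


def strong_auth_required(options, client_ip, country):
    """options: subset of {"all_users", "off_network", "untrusted_geographies"}
    (hypothetical keys standing for the three choices on the settings page)."""
    if "all_users" in options:
        return True
    if "off_network" in options and not on_corporate_network(client_ip):
        return True
    if "untrusted_geographies" in options and not country_trusted(country):
        return True
    return False


if __name__ == "__main__":
    cases = [
        ({"off_network"}, "203.0.113.10", "Canada"),
        ({"off_network"}, "198.51.100.200", "Canada"),   # outside the /25
        ({"untrusted_geographies"}, "203.0.113.10", "France"),
        ({"off_network", "untrusted_geographies"}, "203.0.113.10", None),
    ]
    for opts, ip, country in cases:
        print(sorted(opts), ip, country, "->", strong_auth_required(opts, ip, country))
```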
Sample Launchpad Display for Strong Authentication Apps
When a user authenticates into IdentityNow and is required to perform Strong Authentication, the screenshot below shows how the App icon will appear for them. They will not be able to launch the App until they supply additional information that verifies their identity.